An efficient network anomaly detection scheme based on TCM-KNN algorithm and data reduction mechanism

Network anomaly detection plays a vita role in securing network security and infrastructures. Current research focuses concentrate on how to effective reduce high false alarm rate and usually ignore the fact that the poor quality data for the modeling of normal patterns as well as the high computational cost make the current anomaly detection methods not act as well as we expect. Based on these, we first propose a novel data mining scheme for network anomaly detection in this paper. Moreover, we adopt data reduction mechanisms (including genetic algorithm (GA) based instance selection and filter based feature selection methods) to boost the detection performance, meanwhile reduce the computational cost of TCM-KNN. Experimental results on the well-known KDD Cup 1999 dataset demonstrate the proposed method can effectively detect anomalies with high detection rates, low false positives as well as with high confidence than the state-of-the-art anomaly detection methods. Furthermore, the data reduction mechanisms would greatly improve the performance of TCM-KNN and make it be a good candidate for anomaly detection in practice.